firewall com portas bloqueadas

1. firewall com portas bloqueadas

cristianovrrj
(usa Debian)

Enviado em 26/08/2013 - 16:44h

Boa tarde prezados

Estou com um firewall tudo certinho mas nao consigo liberar as portas que preciso meus tenho um servidor com o software que as outras lojas acessam mas as portas nao estão liberadas ja tentei de todas as formas e nao consigo.

Segue o meu conf do firewall para verificação.

Alguém poderia me ajudar?

obrigado



#!/bin/bash



### Variaveis ###



IPT="iptables"

      

### Limpando as regras anteriores ###



$IPT -F

$IPT -t nat -F



echo -n "Iniciando Firewall: "



### Carregando Modulos ###

modprobe ip_tables

modprobe iptable_nat

modprobe ip_conntrack

modprobe ip_conntrack_ftp

modprobe ip_nat_ftp

modprobe ipt_LOG

modprobe ipt_REJECT

modprobe ipt_MASQUERADE

modprobe ipt_state

modprobe ipt_multiport

modprobe iptable_mangle

modprobe ipt_tos

modprobe ipt_limit

modprobe ipt_mark

modprobe tun

modprobe ipt_MARK



### Politica de Seguranca ###

$IPT -P INPUT DROP

$IPT -P OUTPUT ACCEPT

$IPT -P FORWARD DROP













### Compartilhando Conexao ###



$IPT -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE

echo 1 > /proc/sys/net/ipv4/ip_forward





#Servidor aplicacao 

$IPT -I INPUT -p tcp -s IP-INTERNET --dport 3051 -j ACCEPT

$IPT -I FORWARD -p tcp -s IP-INTERNET --dport 3051 -j ACCEPT

$IPT -I INPUT -p udp -s IP-INTERNET --dport 3051 -j ACCEPT

$IPT -I FORWARD -p udp -s IP-INTERNET --dport 3049 -j ACCEPT

$IPT -I INPUT -p tcp -s IP-INTERNET --dport 3049 -j ACCEPT

$IPT -I FORWARD -p tcp -s IP-INTERNET --dport 3049 -j ACCEPT

$IPT -I INPUT -p udp -s IP-INTERNET --dport 3049 -j ACCEPT

$IPT -I FORWARD -p udp -s IP-INTERNET --dport 3049 -j ACCEPT





$IPT -t nat -A PREROUTING -p tcp --dport 21 -i eth1 -j DNAT --to 192.168.0.5:21

$IPT -A FORWARD -d 192.168.0.5 -p tcp --dport 21 -j ACCEPT

$IPT -A FORWARD -p tcp -i eth1 -d 192.168.0.5 --dport 21 -j ACCEPT







$IPT -t nat -A PREROUTING -p tcp --dport 3051 -i eth1 -j DNAT --to 192.168.0.5:3051

$IPT -A FORWARD -d 192.168.0.5 -p tcp --dport 3051 -j ACCEPT

$IPT -A FORWARD -p tcp -i eth1 -d 192.168.0.5 --dport 3051 -j ACCEPT



$IPT -t nat -A PREROUTING -p tcp --dport 3049 -i eth1 -j DNAT --to 192.168.0.5:3049

$IPT -A FORWARD -d 192.168.0.5 -p tcp --dport 3049 -j ACCEPT

$IPT -A FORWARD -p tcp -i eth1 -d 192.168.0.5 --dport 3049 -j ACCEPT



$IPT -t nat -A PREROUTING -p tcp --dport 3050 -i eth1 -j DNAT --to 192.168.0.5:3050

$IPT -A FORWARD -d 192.168.0.5 -p tcp --dport 3050 -j ACCEPT

$IPT -A FORWARD -p tcp -i eth1 -d 192.168.0.5 --dport 3050 -j ACCEPT



$IPT -t nat -A PREROUTING -p tcp --dport 3389 -i eth1 -j DNAT --to 192.168.0.5:3389

$IPT -A FORWARD -d 192.168.0.5 -p tcp --dport 3389 -j ACCEPT

$IPT -A FORWARD -p tcp -i eth1 -d 192.168.0.5 --dport 3389 -j ACCEPT



$IPT -t nat -A PREROUTING -p tcp --dport 4899 -i eth1 -j DNAT --to 192.168.0.5:4899

$IPT -A FORWARD -d 192.168.0.5 -p tcp --dport 4899 -j ACCEPT

$IPT -A FORWARD -p tcp -i eth1 -d 192.168.0.5 --dport 4899 -j ACCEPT



$IPT -t nat -A PREROUTING -p tcp --dport 63101 -i eth1 -j DNAT --to 192.168.0.5:63101

$IPT -A FORWARD -d 192.168.0.5 -p tcp --dport 63101 -j ACCEPT

$IPT -A FORWARD -p tcp -i eth1 -d 192.168.0.5 --dport 63101 -j ACCEPT









####bloquear IP da rede



#iptables -A INPUT -s 192.168.1.149 -j REJECT



#iptables -A FORWARD -s 192.168.1.149 -j REJECT









### Navegacao ###

$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPT -A OUTPUT -o eth0 -s 192.168.0.0/24  -j ACCEPT

$IPT -A FORWARD -s 192.168.0.0/24 -o eth0 -j ACCEPT

$IPT -A INPUT -s 192.168.0.0/24 -j ACCEPT



### Pingar e ser Pingado ####

$IPT -A INPUT -p icmp -j ACCEPT

$IPT -A FORWARD -p icmp -j ACCEPT



### Navegar ###

$IPT -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

$IPT -A INPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT

$IPT -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT

$IPT -A OUTPUT -p udp -m state --state NEW,ESTABLISHED -j ACCEPT











#liberando ssh e porta 80 pra rede interna

$IPT -A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT

$IPT -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT

$IPT -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT

$IPT -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT



$IPT -A INPUT -i eth0 -p tcp --dport 2222 -j ACCEPT

$IPT -A INPUT -i eth0 -p tcp --sport 2222 -j ACCEPT



### Outlook ###

$IPT -A FORWARD -p udp -s 192.168.0.0/24 -d 72.29.70.41 --dport 53 -j ACCEPT

$IPT -A FORWARD -p udp -s 72.29.70.41 --sport 53 -d 192.168.0.0/24 -j ACCEPT

$IPT -A FORWARD -p TCP -s 192.168.0.0/24 --dport 34249 -j ACCEPT

$IPT -A FORWARD -p TCP -s 192.168.0.0/24 --dport 26 -j ACCEPT

$IPT -A FORWARD -p TCP -s 192.168.0.0/24 --dport 25 -j ACCEPT

$IPT -A FORWARD -p TCP -s 192.168.0.0/24 --dport 110 -j ACCEPT

$IPT -A FORWARD -p tcp --sport 26 -j ACCEPT

$IPT -A FORWARD -p tcp --sport 25 -j ACCEPT

$IPT -A FORWARD -p tcp --sport 110 -j ACCEPT





$IPT -A INPUT -p tcp --dport 63101 -j ACCEPT

$IPT -A FORWARD -p tcp --sport 63101 -j ACCEPT





$IPT -A INPUT -p tcp --dport 3051 -j ACCEPT

$IPT -A FORWARD -p tcp --sport 3051 -j ACCEPT



$IPT -t nat -A POSTROUTING -j MASQUERADE







#________________________________________________________________________________________________









#Portas liberadas

$IPT -A INPUT -p tcp --dport 80 -j ACCEPT

$IPT -A INPUT -p tcp --dport 443 -j ACCEPT

$IPT -A INPUT -p tcp --dport 110 -j ACCEPT

$IPT -A INPUT -p tcp --dport 26 -j ACCEPT

$IPT -A INPUT -p tcp --dport 25 -j ACCEPT

$IPT -A INPUT -p tcp --dport 5900 -j ACCEPT

$IPT -A INPUT -p tcp --dport 22 -j ACCEPT

$IPT -A INPUT -p tcp --dport 3389 -j ACCEPT

$IPT -A INPUT -p tcp --dport 20 -j ACCEPT

$IPT -A INPUT -p tcp --dport 21 -j ACCEPT

$IPT -A INPUT -p tcp --dport 5900 -j ACCEPT

$IPT -A INPUT -p tcp --dport 3389 -j ACCEPT

$IPT -A INPUT -p tcp --dport 4899 -j ACCEPT

$IPT -A INPUT -p tcp --dport 3080 -j ACCEPT

$IPT -A INPUT -p tcp --dport 63101 -j ACCEPT

$IPT -A INPUT -p tcp --dport 3049 -j ACCEPT

$IPT -A INPUT -p tcp --dport 3050 -j ACCEPT

$IPT -A INPUT -p tcp --dport 3051 -j ACCEPT







#banco santander 

$IPT -t nat -A PREROUTING -p tcp --dport 80 -i eth1 -j DNAT --to 192.168.0.142:80

$IPT -A FORWARD -d 192.168.0.142 -p tcp --dport 80 -j ACCEPT

$IPT -A FORWARD -p tcp -i eth1 -d 192.168.0.5 --dport 80 -j ACCEPT





$IPT -t nat -A PREROUTING -p tcp --dport 443 -i eth1 -j DNAT --to 192.168.0.142:443

$IPT -A FORWARD -d 192.168.0.142 -p tcp --dport 443 -j ACCEPT

$IPT -A FORWARD -p tcp -i eth1 -d 192.168.0.142 --dport 443 -j ACCEPT





$IPT -t nat -A PREROUTING -p tcp --dport 3080 -i eth1 -j DNAT --to 192.168.0.142:3080

$IPT -A FORWARD -d 192.168.0.142 -p tcp --dport 3080 -j ACCEPT

$IPT -A FORWARD -p tcp -i eth1 -d 192.168.0.142 --dport 3080 -j ACCEPT



$IPT -t nat -A PREROUTING -p tcp --dport 5001 -i eth1 -j DNAT --to 192.168.0.142:5001

$IPT -A FORWARD -d 192.168.0.142 -p tcp --dport 5001 -j ACCEPT

$IPT -A FORWARD -p tcp -i eth1 -d 192.168.0.142 --dport 5001 -j ACCEPT







### Redirecionamento de portas para o squid ###

$IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128





echo "Firewall inicializado"

0 0

Quote

2. Re: firewall com portas bloqueadas

leonardoortiz
(usa CentOS)

Enviado em 26/08/2013 - 23:22h

Ué, mas quais portas?

0 0

Quote

3. Re: firewall com portas bloqueadas

cristianovrrj
(usa Debian)

Enviado em 26/08/2013 - 23:39h

Desculpa esquesci de mencionar as portas.

preciso destas portas
$IPT -A INPUT -p tcp --dport 63101 -j ACCEPT
$IPT -A INPUT -p tcp --dport 3049 -j ACCEPT
$IPT -A INPUT -p tcp --dport 3050 -j ACCEPT
$IPT -A INPUT -p tcp --dport 3051 -j ACCEPT

redirecionadas para o ip 192.168.0.5

que não consigo liberar estas portas.

0 0

Quote

4. Re: firewall com portas bloqueadas

leonardoortiz
(usa CentOS)

Enviado em 28/08/2013 - 17:42h

Marca esses caras:
#Servidor aplicacao
$IPT -I INPUT -p tcp -s IP-INTERNET --dport 3051 -j ACCEPT
$IPT -I FORWARD -p tcp -s IP-INTERNET --dport 3051 -j ACCEPT
$IPT -I INPUT -p udp -s IP-INTERNET --dport 3051 -j ACCEPT
$IPT -I FORWARD -p udp -s IP-INTERNET --dport 3049 -j ACCEPT
$IPT -I INPUT -p tcp -s IP-INTERNET --dport 3049 -j ACCEPT
$IPT -I FORWARD -p tcp -s IP-INTERNET --dport 3049 -j ACCEPT
$IPT -I INPUT -p udp -s IP-INTERNET --dport 3049 -j ACCEPT
$IPT -I FORWARD -p udp -s IP-INTERNET --dport 3049 -j ACCEPT

Coloca isso:
$IPT -A FORWARD -p tcp --dport 63101 -j ACCEPT
$IPT -A FORWARD -p tcp --dport 3049 -j ACCEPT
$IPT -A FORWARD -p tcp --dport 3050 -j ACCEPT
$IPT -A FORWARD -p tcp --dport 3051 -j ACCEPT

Marca essa:
$IPT -A FORWARD -s 192.168.0.0/24 -o eth0 -j ACCEPT

E coloca assim:
$IPT -A FORWARD -s 192.168.0.0/24 -j ACCEPT

Só lembrando(não sei como é sua rede), mas se tiver usando um modem conversacional, com firewall, tem que fazer ele redirecionar essas portas pro seu fw.

0 0

Quote